globalwm
asked on
SMTP Virtual Server Current Sessions showing some strange domain connections
I am seeing lots of sessions in our SMTP virtual server that I don't think should be there. They are from some very odd domains including .hu, .it, .lb, etc. Does this mean I have been compromised? I will make sure open relay is not on; is there anything else I need to do?
ASKER
I am specifically talking about the Current Sessions on the smtp virtual server.
I am also having the same problem. Under the virtual server's sessions I have two users, one named Hp2345345491 with an IP located in Italy and the other an authenticated user named localhost with an IP in Turkey.
Relay is off. If I disable these accounts in the virtual server, all SMTP mail fails; if I delete the internal address of the mail server 192.168.1.251 (192.168.1.248), things stop working. I am in need of any help to resolve this.
I am having a similar problem: lots and lots of spam, and current sessions open from all over the world. I had a guy call me from states away to say that Exchange was sending spam. I terminate the sessions, but I just logged in to my server and have 4 more current sessions from two different places. I have had it checked for open relay but was told there were no open relays. We have also been getting some mail returned undeliverable, and I am thinking we may be getting blacklisted. Also, if I am being blacklisted, how can I find out and fix it?
Greg J